keystone_identity_uri: http://192.168.24.1:35357 keystone_auth_uri: http://192.168.24.1:5000/v3 keystone_region: 'regionOne' keystone_default_domain: 'Default' debug: True controller_host: 192.168.24.1 #local-ipv4 #local-ipv4 similar to the same hiera key in the overcloud ctlplane: 192.168.24.1 controller_host_wrapped: "192.168.24.1" controller_admin_host: 192.168.24.3 controller_public_host: 192.168.24.2 ntp::servers: [] sysctl_settings: {"net.ipv4.ip_nonlocal_bind": {"value": 1}, "net.ipv6.ip_nonlocal_bind": {"value": 1}} # SSL tripleo::haproxy::service_certificate: generate_service_certificates: False tripleo::profile::base::haproxy::certificates_specs: undercloud-haproxy-public: service_pem: service_certificate: '/etc/pki/tls/certs/undercloud-front.crt' service_key: '/etc/pki/tls/private/undercloud-front.key' hostname: "%{hiera('controller_public_host')}" postsave_cmd: "/usr/bin/instack-haproxy-cert-update '/etc/pki/tls/certs/undercloud-front.crt' '/etc/pki/tls/private/undercloud-front.key' undercloud-haproxy-public-cert" principal: # CA defaults certmonger_ca: local # Common Hiera data gets applied to all nodes ssh::server::storeconfigs_enabled: false # memcached memcached::max_memory: '50%' memcached::verbosity: 'v' memcached::disable_cachedump: true memcached::listen_ip: '127.0.0.1' memcached::udp_port: 0 # Apache apache::server_signature: 'Off' apache::server_tokens: 'Prod' # ceilometer settings used by compute and controller ceilo auth settings ceilometer::agent::auth::auth_region: "%{hiera('keystone_region')}" aodh::auth::auth_region: "%{hiera('keystone_region')}" ceilometer::agent::auth::auth_tenant_name: 'service' aodh::auth::auth_tenant_name: 'service' ceilometer::agent::auth::auth_url: http://192.168.24.1:5000 aodh::auth::auth_url: "%{hiera('keystone_auth_uri')}" # Swift swift::proxy::proxy_local_net_ip: 192.168.24.1 swift::proxy::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" swift::proxy::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" swift::proxy::node_timeout: 60 swift::proxy::workers: "%{::os_workers}" swift::proxy::log_facility: LOG_LOCAL2 swift::storage::all::storage_local_net_ip: 192.168.24.1 swift::storage::all::incoming_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' swift::storage::all::outgoing_chmod: 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r' swift::swift_hash_path_suffix: 5488d5e2310ada92110a5dcef0ba00a53eeb5e73 swift::proxy::account_autocreate: true swift::proxy::authtoken::password: 6551dc35fed46835596ce317541d0e6599c3063f swift::keystone::auth::tenant: 'service' swift::keystone::auth::public_url: http://192.168.24.1:8080/v1/AUTH_%(tenant_id)s swift::keystone::auth::internal_url: http://192.168.24.1:8080/v1/AUTH_%(tenant_id)s swift::keystone::auth::admin_url: http://192.168.24.1:8080 swift::keystone::auth::password: 6551dc35fed46835596ce317541d0e6599c3063f swift::keystone::auth::region: "%{hiera('keystone_region')}" swift::keystone::auth::configure_s3_endpoint: false swift::keystone::auth::operator_roles: - admin - swiftoperator swift_mount_check: false swift::ringbuilder::replicas: 1 swift::ringbuilder::part_power: 10 swift::ringbuilder::min_part_hours: 1 swift::proxy::pipeline: - 'catch_errors' - 'healthcheck' - 'proxy-logging' - 'cache' - 'ratelimit' - 'bulk' - 'tempurl' - 'formpost' - 'authtoken' - 'keystone' - 'staticweb' - 'copy' - 'slo' - 'dlo' - 'versioned_writes' - 'proxy-logging' - 'proxy-server' # Glance glance::api::debug: "%{hiera('debug')}" glance::api::bind_port: 9292 glance::api::bind_host: 192.168.24.1 glance::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" glance::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" glance::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" glance::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" glance::api::registry_host: 192.168.24.1 glance::api::authtoken::password: aa8fee5493716b48d24819858d1964dbee9a2249 glance::api::workers: "%{::os_workers}" glance::api::stores: - glance.store.filesystem.Store - glance.store.swift.Store glance::api::default_store: 'glance.store.swift.Store' glance::api::pipeline: 'keystone' # used to construct glance_api_servers glance_log_file: '' glance::api::database_connection: mysql+pymysql://glance:aa8fee5493716b48d24819858d1964dbee9a2249@192.168.24.1/glance glance::api::enable_v1_api: false glance::api::enable_v2_api: true glance::keystone::auth::tenant: 'service' glance::keystone::auth::public_url: http://192.168.24.1:9292 glance::keystone::auth::internal_url: http://192.168.24.1:9292 glance::keystone::auth::admin_url: http://192.168.24.1:9292 glance::keystone::auth::password: aa8fee5493716b48d24819858d1964dbee9a2249 glance::keystone::auth::region: "%{hiera('keystone_region')}" glance::backend::swift::swift_store_auth_address: "%{hiera('keystone_auth_uri')}" glance::backend::swift::swift_store_auth_version: 3 glance::backend::swift::swift_store_user: service:glance glance::backend::swift::swift_store_key: aa8fee5493716b48d24819858d1964dbee9a2249 glance::backend::swift::swift_store_create_container_on_put: true glance::notify::rabbitmq::rabbit_userid: ad577cadead550db9557fadba0dde091b2451582 glance::notify::rabbitmq::rabbit_password: 6b2e65306a27cb0f3127aa3f1ca874bfe3714446 glance::notify::rabbitmq::rabbit_host: "192.168.24.1" glance::registry::debug: "%{hiera('debug')}" # Heat heat::debug: "%{hiera('debug')}" heat_stack_domain_admin_password: 45df272fbba689710f733e246c8ddd9978867ae3 heat::engine::configure_delegated_roles: false heat::engine::heat_stack_user_role: 'heat_stack_user' heat::engine::heat_watch_server_url: http://192.168.24.1:8003 heat::engine::heat_metadata_server_url: http://192.168.24.1:8000 heat::engine::heat_waitcondition_server_url: http://192.168.24.1:8000/v1/waitcondition heat::engine::reauthentication_auth_method: 'trusts' heat::engine::trusts_delegated_roles: [] heat::engine::auth_encryption_key: 284913634f581c3fde6c3c8eae421066 heat::engine::max_resources_per_stack: -1 heat::engine::convergence_engine: true heat::engine::num_engine_workers: "%{::os_workers_heat_engine}" heat::engine::max_nested_stack_depth: 7 heat::instance_user: heat-admin heat::default_transport_url: "rabbit://ad577cadead550db9557fadba0dde091b2451582:6b2e65306a27cb0f3127aa3f1ca874bfe3714446@192.168.24.1//" heat::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" heat::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" heat::keystone::authtoken::password: 4443945c6f25faf1c99e70ba3bc0940e14480c8f heat::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" heat::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" heat::keystone::domain::domain_name: 'heat_stack' heat::keystone::domain::domain_password: 45df272fbba689710f733e246c8ddd9978867ae3 heat::api::bind_host: 192.168.24.1 heat::api::workers: "%{::os_workers}" heat::api::service_name: 'httpd' heat::api_cfn::bind_host: 192.168.24.1 heat::api_cfn::workers: "%{::os_workers}" heat::api_cfn::service_name: 'httpd' heat::wsgi::apache_api::ssl: false heat::wsgi::apache_api::bind_host: 192.168.24.1 heat::wsgi::apache_api::workers: "%{hiera('heat::api::workers')}" heat::wsgi::apache_api_cfn::ssl: false heat::wsgi::apache_api_cfn::bind_host: 192.168.24.1 heat::wsgi::apache_api_cfn::workers: "%{hiera('heat::api_cfn::workers')}" heat::database_connection: mysql+pymysql://heat:4443945c6f25faf1c99e70ba3bc0940e14480c8f@192.168.24.1/heat heat_dsn: mysql+pymysql://heat:4443945c6f25faf1c99e70ba3bc0940e14480c8f@192.168.24.1/heat heat::rpc_response_timeout: 600 heat::keystone::auth::tenant: 'service' heat::keystone::auth::public_url: http://192.168.24.1:8004/v1/%(tenant_id)s heat::keystone::auth::internal_url: http://192.168.24.1:8004/v1/%(tenant_id)s heat::keystone::auth::admin_url: http://192.168.24.1:8004/v1/%(tenant_id)s heat::keystone::auth::password: 4443945c6f25faf1c99e70ba3bc0940e14480c8f heat::keystone::auth::region: "%{hiera('keystone_region')}" heat::keystone::auth_cfn::tenant: 'service' heat::keystone::auth_cfn::region: "%{hiera('keystone_region')}" heat::keystone::auth_cfn::password: 94a4a2fabfbd1bf61849bca7972fc9ac6b0d7e1c heat::keystone::auth_cfn::public_url: http://192.168.24.1:8000/v1/%(tenant_id)s heat::keystone::auth_cfn::internal_url: http://192.168.24.1:8000/v1/%(tenant_id)s heat::keystone::auth_cfn::admin_url: http://192.168.24.1:8000/v1/%(tenant_id)s heat::cron::purge_deleted::age: 1 heat::cron::purge_deleted::age_type: 'days' heat::cron::purge_deleted::destination: '/dev/null' heat::notification_driver: 'messaging' heat::yaql_memory_quota: 100000 heat::yaql_limit_iterators: 1000 heat::max_json_body_size: 4194304 # Keystone keystone::debug: "%{hiera('debug')}" keystone::admin_token: 952de69aa8407884ba044a9c2db14d0d9df87e27 keystone::admin_password: 8499350a2bd1f6fa3ebd28676d3415dac009b5a4 keystone::admin_workers: "%{::os_workers}" keystone::public_workers: "%{::os_workers}" keystone::public_bind_host: 192.168.24.1 keystone::admin_bind_host: 192.168.24.1 keystone::public_endpoint: http://192.168.24.1:5000 keystone::service_name: 'httpd' keystone_ca_certificate: '' keystone_signing_key: '' keystone_signing_certificate: '' keystone::database_connection: mysql+pymysql://keystone:952de69aa8407884ba044a9c2db14d0d9df87e27@192.168.24.1/keystone keystone::cron::token_flush::destination: '/dev/null' keystone::roles::admin::password: 8499350a2bd1f6fa3ebd28676d3415dac009b5a4 keystone::roles::admin::email: 'root@localhost' keystone::roles::admin::admin_tenant: 'admin' keystone::roles::admin::service_tenant: 'service' keystone::token_expiration: 14400 keystone::endpoint::public_url: http://192.168.24.1:5000 keystone::endpoint::internal_url: http://192.168.24.1:5000 keystone::endpoint::admin_url: "%{hiera('keystone_identity_uri')}" keystone::endpoint::region: "%{hiera('keystone_region')}" keystone::endpoint::version: '' keystone::wsgi::apache::ssl: false keystone::wsgi::apache::bind_host: 192.168.24.1 keystone::notification_driver: messaging keystone::notification_topics: notifications keystone::rabbit_userid: ad577cadead550db9557fadba0dde091b2451582 keystone::rabbit_password: 6b2e65306a27cb0f3127aa3f1ca874bfe3714446 keystone::rabbit_host: "192.168.24.1" keystone::enable_credential_setup: true keystone::fernet_max_active_keys: 2 # MySQL admin_password: 8499350a2bd1f6fa3ebd28676d3415dac009b5a4 enable_galera: true mysql_max_connections: '4096' tripleo::profile::base::database::mysql::step: 2 tripleo::profile::base::database::mysql::manage_resources: true tripleo::profile::base::database::mysql::remove_default_accounts: true tripleo::profile::base::database::mysql::mysql_server_options: 'mysqld': bind-address: "%{hiera('controller_host')}" innodb_file_per_table: 'ON' mysql::server::restart: true mysql::server::root_password: fb474bc73ad6d5a1b5e89298af3d654b5b8700e7 # Neutron neutron::debug: "%{hiera('debug')}" neutron::bind_host: 192.168.24.1 neutron::core_plugin: ml2 neutron::service_plugins: ['router'] neutron::dhcp_agents_per_network: 2 neutron::dns_domain: localdomain neutron::server::api_workers: "%{::os_workers}" neutron::server::rpc_workers: "%{::os_workers}" neutron::rabbit_password: 6b2e65306a27cb0f3127aa3f1ca874bfe3714446 neutron::rabbit_user: ad577cadead550db9557fadba0dde091b2451582 neutron::keystone::authtoken::project_name: "%{hiera('neutron::keystone::auth::tenant')}" neutron::server::notifications::project_name: "%{hiera('neutron::keystone::auth::tenant')}" neutron::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" neutron::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" neutron::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" neutron::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" neutron::server::database_connection: mysql+pymysql://neutron:d602fffd6ec9176ccfc967d4eb64692fd6317007@192.168.24.1/neutron neutron::server::sync_db: true neutron::agents::ml2::ovs::local_ip: 192.168.24.1 neutron::plugins::ml2::mechanism_drivers: ['openvswitch', 'baremetal'] neutron_bridge_mappings: ctlplane:br-ctlplane neutron_public_interface: eth0 neutron_physical_bridge: br-ctlplane neutron::keystone::authtoken::password: d602fffd6ec9176ccfc967d4eb64692fd6317007 neutron::agents::metadata::auth_password: d602fffd6ec9176ccfc967d4eb64692fd6317007 neutron::agents::metadata::metadata_workers: "%{::os_workers}" neutron::quota::quota_port: -1 neutron::server::notifications::auth_url: "%{hiera('keystone_auth_uri')}" neutron::server::notifications::tenant_name: service neutron::server::notifications::password: 2bf774d51fc57ff5e92505ac5aaa6f4788fc7d07 neutron::keystone::auth::tenant: 'service' neutron::keystone::auth::public_url: http://192.168.24.1:9696 neutron::keystone::auth::internal_url: http://192.168.24.1:9696 neutron::keystone::auth::admin_url: http://192.168.24.1:9696 neutron::keystone::auth::password: d602fffd6ec9176ccfc967d4eb64692fd6317007 neutron::keystone::auth::region: "%{hiera('keystone_region')}" neutron::plugins::ml2::extension_drivers: 'port_security' neutron::service_plugins: ['segments'] neutron::agents::ml2::networking_baremetal::user: 'ironic' neutron::agents::ml2::networking_baremetal::password: f8250f457d6e7047f122af2844197c064f0a68d2 neutron::agents::ml2::networking_baremetal::auth_url: http://192.168.24.1:5000 neutron::agents::ml2::networking_baremetal::project_name: "%{hiera('neutron::keystone::auth::tenant')}" neutron::agents::ml2::networking_baremetal::user_domain_name: "%{hiera('keystone_default_domain')}" neutron::agents::ml2::networking_baremetal::project_domain_name: "%{hiera('keystone_default_domain')}" neutron::agents::ml2::networking_baremetal::region_name: "%{hiera('keystone_region')}" # Ceilometer ceilometer::debug: "%{hiera('debug')}" ceilometer::metering_secret: a1a4a3d2b1113f6efe18ab606e4bc3ff06597af4 ceilometer::rabbit_userid: ad577cadead550db9557fadba0dde091b2451582 ceilometer::rabbit_password: 6b2e65306a27cb0f3127aa3f1ca874bfe3714446 ceilometer::rabbit_host: "192.168.24.1" ceilometer::keystone::authtoken::password: e5e4dd18d8775384d2ee7b203966722aef568043 ceilometer::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ceilometer::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" ceilometer::db::database_connection: mysql+pymysql://ceilometer:e5e4dd18d8775384d2ee7b203966722aef568043@192.168.24.1/ceilometer ceilometer::agent::auth::auth_password: e5e4dd18d8775384d2ee7b203966722aef568043 ceilometer_compute_agent: '' ceilometer::snmpd_readonly_username: ro_snmp_user ceilometer::snmpd_readonly_user_password: f8c8c0c7eba18c633f9aa55a10bc7b574b63661b ceilometer::keystone::auth::tenant: 'service' ceilometer::keystone::auth::public_url: ceilometer::keystone::auth::internal_url: ceilometer::keystone::auth::admin_url: ceilometer::keystone::auth::password: e5e4dd18d8775384d2ee7b203966722aef568043 ceilometer::keystone::auth::region: "%{hiera('keystone_region')}" ceilometer::dispatcher::gnocchi::url: http://192.168.24.1:8041 ceilometer::dispatcher::gnocchi::filter_project: 'service' ceilometer::dispatcher::gnocchi::archive_policy: 'low' ceilometer::dispatcher::gnocchi::resources_definition_file: 'gnocchi_resources.yaml' # events dispatcher config ceilometer::agent::notification::event_pipeline_publishers: ['gnocchi://', 'panko://'] ceilometer::agent::notification::manage_event_pipeline: true # Aodh aodh::debug: "%{hiera('debug')}" aodh::rabbit_userid: ad577cadead550db9557fadba0dde091b2451582 aodh::rabbit_password: 6b2e65306a27cb0f3127aa3f1ca874bfe3714446 aodh::rabbit_host: "192.168.24.1" aodh::api::host: 192.168.24.1 aodh::keystone::authtoken::password: e0fdb973af393a097e766f659e20ba99d41c2455 aodh::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" aodh::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ceilometer::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" ceilometer::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" aodh::api::service_name: 'httpd' aodh::wsgi::apache::ssl: false aodh::wsgi::apache::bind_host: 192.168.24.1 aodh::db::database_connection: mysql+pymysql://aodh:e0fdb973af393a097e766f659e20ba99d41c2455@192.168.24.1/aodh aodh::auth::auth_password: e0fdb973af393a097e766f659e20ba99d41c2455 aodh::keystone::auth::tenant: 'service' aodh::keystone::auth::public_url: http://192.168.24.1:8042 aodh::keystone::auth::internal_url: http://192.168.24.1:8042 aodh::keystone::auth::admin_url: http://192.168.24.1:8042 aodh::keystone::auth::password: e0fdb973af393a097e766f659e20ba99d41c2455 aodh::keystone::auth::region: "%{hiera('keystone_region')}" # Gnocchi gnocchi::debug: "%{hiera('debug')}" gnocchi_backend: 'file' gnocchi::wsgi::apache::ssl: false gnocchi::wsgi::apache::bind_host: 192.168.24.1 gnocchi::api::service_name: 'httpd' gnocchi::api::host: 192.168.24.1 gnocchi::keystone::authtoken::password: 1f203e5a4a105d5df0d6c6fe0e73576426327824 gnocchi::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" gnocchi::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" gnocchi::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" gnocchi::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" gnocchi::keystone::auth::tenant: 'service' gnocchi::keystone::auth::public_url: http://192.168.24.1:8041 gnocchi::keystone::auth::internal_url: http://192.168.24.1:8041 gnocchi::keystone::auth::admin_url: http://192.168.24.1:8041 gnocchi::keystone::auth::password: 1f203e5a4a105d5df0d6c6fe0e73576426327824 gnocchi::keystone::auth::region: "%{hiera('keystone_region')}" gnocchi::db::mysql::password: 1f203e5a4a105d5df0d6c6fe0e73576426327824 gnocchi::db::database_connection: mysql+pymysql://gnocchi:1f203e5a4a105d5df0d6c6fe0e73576426327824@192.168.24.1/gnocchi gnocchi::storage::swift::swift_user: 'service:gnocchi' gnocchi::storage::swift::swift_auth_version: 2 gnocchi::storage::swift::swift_authurl: "%{hiera('keystone_auth_uri')}" gnocchi::storage::swift::swift_key: 1f203e5a4a105d5df0d6c6fe0e73576426327824 #Gnocchi statsd gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' gnocchi::statsd::user_id: '27c0d3f8-e7ee-42f0-8317-72237d1c5ae3' gnocchi::statsd::project_id: '6c38cd8d-099a-4cb2-aecf-17be688e8616' gnocchi::statsd::flush_delay: 10 gnocchi::statsd::archive_policy_name: 'low' gnocchi_healthcheck_url: http://192.168.24.1:8041/healthcheck # Panko panko::logging::debug: "%{hiera('debug')}" panko::wsgi::apache::ssl: false panko::wsgi::apache::bind_host: 192.168.24.1 panko::api::service_name: 'httpd' panko::api::host: 192.168.24.1 panko::db::mysql::password: 39bf7f022b62f3f11453f1a539612fc40bc2e76b panko::db::database_connection: mysql+pymysql://panko:39bf7f022b62f3f11453f1a539612fc40bc2e76b@192.168.24.1/panko panko::keystone::authtoken::password: 39bf7f022b62f3f11453f1a539612fc40bc2e76b panko::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" panko::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" panko::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" panko::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" panko::keystone::auth::tenant: 'service' panko::keystone::auth::public_url: http://192.168.24.1:8977 panko::keystone::auth::internal_url: http://192.168.24.1:8977 panko::keystone::auth::admin_url: http://192.168.24.1:8977 panko::keystone::auth::password: 39bf7f022b62f3f11453f1a539612fc40bc2e76b panko::keystone::auth::region: "%{hiera('keystone_region')}" panko::keystone::authtoken::project_name: 'service' # Nova nova::debug: "%{hiera('debug')}" nova::default_transport_url: "rabbit://ad577cadead550db9557fadba0dde091b2451582:6b2e65306a27cb0f3127aa3f1ca874bfe3714446@192.168.24.1//" nova::notification_driver: messaging nova::rpc_response_timeout: '600' nova::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" nova::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" nova::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" nova::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" nova::api::service_name: 'httpd' nova::api::api_bind_address: 192.168.24.1 nova::api::enabled: true nova::api::metadata_listen: 192.168.24.1 nova::keystone::authtoken::password: 2bf774d51fc57ff5e92505ac5aaa6f4788fc7d07 nova::api::enabled_apis: - metadata nova::api::sync_db_api: true nova::api::osapi_compute_workers: "%{::os_workers}" nova::api::metadata_workers: "%{::os_workers}" nova::wsgi::apache_api::ssl: false nova::wsgi::apache_api::bind_host: 192.168.24.1 nova::wsgi::apache_placement::ssl: false nova::wsgi::apache_placement::bind_host: 192.168.24.1 nova::wsgi::apache_placement::api_port: '8778' nova::placement::auth_url: "%{hiera('keystone_identity_uri')}" nova::placement::password: 2bf774d51fc57ff5e92505ac5aaa6f4788fc7d07 nova::placement::project_name: 'service' nova::placement::os_region_name: "%{hiera('keystone_region')}" nova::conductor::enabled: true nova::conductor::workers: "%{::os_workers}" nova::database_connection: mysql+pymysql://nova:2bf774d51fc57ff5e92505ac5aaa6f4788fc7d07@192.168.24.1/nova nova::api_database_connection: mysql+pymysql://nova_api:2bf774d51fc57ff5e92505ac5aaa6f4788fc7d07@192.168.24.1/nova_api nova::placement_database_connection: mysql+pymysql://nova_placement:2bf774d51fc57ff5e92505ac5aaa6f4788fc7d07@192.168.24.1/nova_placement nova::notify_on_state_change: 'vm_and_task_state' nova::scheduler::enabled: true nova::network::neutron::dhcp_domain: '' nova::compute::force_config_drive: true nova::compute::reserved_host_memory: '0' nova::compute::vnc_enabled: false nova::compute::instance_usage_audit: true nova::compute::instance_usage_audit_period: 'hour' nova::compute::consecutive_build_service_disable_threshold: 0 nova::cron::archive_deleted_rows::destination: '/dev/null' nova_sync_power_state_interval: -1 nova::ironic::common::username: 'ironic' nova::ironic::common::password: f8250f457d6e7047f122af2844197c064f0a68d2 nova::ironic::common::project_name: 'service' nova::ironic::common::api_endpoint: "http://192.168.24.1:6385/v1" nova::ironic::common::auth_url: "%{hiera('keystone_identity_uri')}" nova::network::neutron::neutron_auth_url: "%{hiera('keystone_auth_uri')}" nova::network::neutron::neutron_url: http://192.168.24.1:9696 nova::network::neutron::neutron_password: "%{hiera('neutron::keystone::authtoken::password')}" nova::network::neutron::neutron_project_name: "%{hiera('neutron::keystone::auth::tenant')}" nova::network::neutron::neutron_region_name: '' nova::ram_allocation_ratio: '1.0' nova::scheduler::filter::scheduler_host_manager: 'ironic_host_manager' nova::scheduler::filter::scheduler_max_attempts: 30 nova::scheduler::filter::scheduler_available_filters: ['tripleo_common.filters.list.tripleo_filters'] nova::scheduler::filter::scheduler_default_filters: ['RetryFilter', 'TripleOCapabilitiesFilter', 'ComputeCapabilitiesFilter', 'AvailabilityZoneFilter', 'RamFilter', 'DiskFilter', 'ComputeFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter'] nova::keystone::auth::tenant: 'service' nova::keystone::auth::public_url: http://192.168.24.1:8774/v2.1 nova::keystone::auth::internal_url: http://192.168.24.1:8774/v2.1 nova::keystone::auth::admin_url: http://192.168.24.1:8774/v2.1 nova::keystone::auth::password: 2bf774d51fc57ff5e92505ac5aaa6f4788fc7d07 nova::keystone::auth::region: "%{hiera('keystone_region')}" nova::keystone::auth::configure_ec2_endpoint: false nova::keystone::auth_placement::tenant: 'service' nova::keystone::auth_placement::public_url: http://192.168.24.1:8778/placement nova::keystone::auth_placement::internal_url: http://192.168.24.1:8778/placement nova::keystone::auth_placement::admin_url: http://192.168.24.1:8778/placement nova::keystone::auth_placement::password: 2bf774d51fc57ff5e92505ac5aaa6f4788fc7d07 nova::keystone::auth_placement::region: "%{hiera('keystone_region')}" nova::glance_api_servers: http://192.168.24.1:9292 # NOTE(aschultz): raise upper limit on nova DB syncs for undercloud only. # There is no way this should take 15 minutes and if it does we now have way # different problems. But rather than block undercloud installs let's increase # the timeout for these actions. See LP#1661396 for more details. nova::db::sync::db_sync_timeout: 900 nova::db::sync_api::db_sync_timeout: 900 # Ironic ironic::debug: "%{hiera('debug')}" ironic::my_ip: 192.168.24.1 ironic::db_online_data_migrations: true # TODO(dtantsur): remove when support for classic drivers is removed ironic::db::online_data_migrations::migration_params: "--option migrate_to_hardware_types.reset_unsupported_interfaces=true" ironic::rpc_response_timeout: 600 ironic::api::authtoken::password: f8250f457d6e7047f122af2844197c064f0a68d2 ironic::api::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ironic::api::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ironic::api::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" ironic::api::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" ironic::api::host_ip: 192.168.24.1 ironic::api::service_name: 'httpd' ironic::api::workers: "%{::os_workers}" ironic::wsgi::apache::ssl: false ironic::wsgi::apache::bind_host: 192.168.24.1 ironic::pxe::tftp_bind_host: 192.168.24.1 ironic::database_connection: mysql+pymysql://ironic:f8250f457d6e7047f122af2844197c064f0a68d2@192.168.24.1/ironic ironic::default_transport_url: "rabbit://ad577cadead550db9557fadba0dde091b2451582:6b2e65306a27cb0f3127aa3f1ca874bfe3714446@192.168.24.1//" ironic::drivers::inspector::enabled: true ironic::drivers::inspector::password: f8250f457d6e7047f122af2844197c064f0a68d2 ironic::drivers::inspector::auth_url: "%{hiera('keystone_identity_uri')}" ironic::drivers::inspector::user_domain_name: "%{hiera('keystone_default_domain')}" ironic::drivers::inspector::project_domain_name: "%{hiera('keystone_default_domain')}" ironic::glance::password: f8250f457d6e7047f122af2844197c064f0a68d2 ironic::glance::auth_url: "%{hiera('keystone_identity_uri')}" ironic::neutron::password: f8250f457d6e7047f122af2844197c064f0a68d2 ironic::neutron::auth_url: "%{hiera('keystone_identity_uri')}" ironic::service_catalog::password: f8250f457d6e7047f122af2844197c064f0a68d2 ironic::service_catalog::auth_url: "%{hiera('keystone_identity_uri')}" ironic::swift::password: f8250f457d6e7047f122af2844197c064f0a68d2 ironic::swift::auth_url: "%{hiera('keystone_identity_uri')}" # Ironic conductor forces deployments to use http # https://bugs.launchpad.net/tripleo/+bug/1613088 ironic::conductor::api_url: http://192.168.24.1:6385 ironic::conductor::force_power_state_during_sync: false ironic::conductor::automated_clean: False ironic::conductor::cleaning_disk_erase: 'metadata' ironic::conductor::cleaning_network: 'ctlplane' ironic::conductor::provisioning_network: 'ctlplane' ironic::conductor::default_boot_option: 'local' ironic::conductor::enabled_drivers: ["pxe_drac", "pxe_ilo", "pxe_ipmitool"] ironic::conductor::enabled_hardware_types: ["redfish", "ipmi", "idrac", "ilo"] ironic::drivers::interfaces::default_inspect_interface: inspector ironic::drivers::interfaces::enabled_boot_interfaces: ["ilo-pxe", "pxe"] ironic::drivers::interfaces::enabled_console_interfaces: ['no-console', 'ipmitool-socat'] ironic::drivers::interfaces::enabled_deploy_interfaces: ['iscsi', 'direct', 'ansible'] ironic::drivers::interfaces::enabled_inspect_interfaces: ['no-inspect', 'inspector'] ironic::drivers::interfaces::enabled_management_interfaces: ["redfish", "ilo", "idrac", "ipmitool", "fake"] ironic::drivers::interfaces::enabled_power_interfaces: ["redfish", "ilo", "idrac", "ipmitool", "fake"] ironic::drivers::interfaces::enabled_raid_interfaces: ["no-raid", "idrac"] ironic::drivers::interfaces::enabled_vendor_interfaces: ["idrac", "ipmitool", "no-vendor"] # Make sure new nodes default to 'baremetal' resource class ironic::default_resource_class: 'baremetal' ironic::keystone::auth::tenant: 'service' ironic::keystone::auth::public_url: http://192.168.24.1:6385 ironic::keystone::auth::internal_url: http://192.168.24.1:6385 ironic::keystone::auth::admin_url: http://192.168.24.1:6385 ironic::keystone::auth::password: f8250f457d6e7047f122af2844197c064f0a68d2 ironic::keystone::auth::region: "%{hiera('keystone_region')}" ironic::keystone::auth_inspector::tenant: 'service' ironic::keystone::auth_inspector::public_url: http://192.168.24.1:5050 ironic::keystone::auth_inspector::internal_url: http://192.168.24.1:5050 ironic::keystone::auth_inspector::admin_url: http://192.168.24.1:5050 ironic::keystone::auth_inspector::password: f8250f457d6e7047f122af2844197c064f0a68d2 ironic::keystone::auth_inspector::region: "%{hiera('keystone_region')}" # Ironic Inspector ironic::inspector::listen_address: 192.168.24.1 ironic::inspector::debug: "%{hiera('debug')}" ironic::inspector::pxe_transfer_protocol: 'http' ironic::inspector::enable_uefi: True ironic::inspector::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" ironic::inspector::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" ironic::inspector::authtoken::username: 'ironic' ironic::inspector::authtoken::password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::authtoken::project_name: 'service' ironic::inspector::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" ironic::inspector::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" ironic::inspector::db::database_connection: mysql+pymysql://ironic-inspector:f8250f457d6e7047f122af2844197c064f0a68d2@192.168.24.1/ironic-inspector ironic::inspector::keep_ports: 'added' ironic::inspector::ironic_username: 'ironic' ironic::inspector::ironic_password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::ironic_tenant_name: 'service' ironic::inspector::ironic_project_domain_name: 'Default' ironic::inspector::ironic_user_domain_name: 'Default' ironic::inspector::ironic_auth_url: "%{hiera('keystone_auth_uri')}" ironic::inspector::ironic_max_retries: 6 ironic::inspector::ironic_retry_interval: 10 ironic::inspector::store_data: 'swift' ironic::inspector::swift_username: 'ironic' ironic::inspector::swift_password: "%{hiera('ironic::api::authtoken::password')}" ironic::inspector::swift_tenant_name: 'service' ironic::inspector::swift_project_domain_name: 'Default' ironic::inspector::swift_user_domain_name: 'Default' ironic::inspector::swift_auth_url: "%{hiera('keystone_auth_uri')}" ironic::inspector::dnsmasq_local_ip: 192.168.24.1 ironic::inspector::dnsmasq_interface: br-ctlplane ironic::inspector::dnsmasq_ip_subnets: [{"netmask": "255.255.255.0", "tag": "ctlplane-subnet", "ip_range": "192.168.24.100,192.168.24.120", "gateway": "192.168.24.1"}] ironic::inspector::pxe_filter::driver: dnsmasq ironic::inspector::dnsmasq_dhcp_hostsdir: '/var/lib/ironic-inspector/dhcp-hostsdir' ironic::inspector::ramdisk_collectors: default,extra-hardware,numa-topology,logs ironic::inspector::additional_processing_hooks: 'extra_hardware,lldp_basic,local_link_connection' ironic::inspector::ramdisk_kernel_args: ipa-debug=1 ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 ironic::inspector::ipxe_timeout: 60 ironic::inspector::node_not_found_hook: ironic::inspector::discovery_default_driver: ipmi ironic::inspector::detect_boot_mode: true # Ironic PXE driver ironic::drivers::pxe::ipxe_timeout: 60 # Ironic deploy utils ironic_ipxe_port: 8088 ironic::conductor::http_url: "http://192.168.24.1:%{hiera('ironic_ipxe_port')}" ironic::conductor::http_boot: '/httpboot' ironic::inspector::http_port: "%{hiera('ironic_ipxe_port')}" # Ironic pxe ironic::drivers::pxe::ipxe_enabled: True # NOTE(dtantsur): UEFI only works with iPXE currently for us ironic::drivers::pxe::uefi_pxe_config_template: '$pybasedir/drivers/modules/ipxe_config.template' ironic::drivers::pxe::uefi_pxe_bootfile_name: 'ipxe.efi' # Ironic agent ironic::drivers::agent::deploy_logs_collect: 'always' ironic::drivers::agent::deploy_logs_storage_backend: 'local' ironic::drivers::agent::deploy_logs_local_path: '/var/log/ironic/deploy/' # Ironic power and management drivers tuning ironic::drivers::ilo::default_boot_mode: 'bios' # Customisations for ppc64le # Rabbit rabbit_cookie: 877776e5c54141732364f5b6e26bb5f21bf6e8fd rabbitmq::delete_guest_user: false rabbitmq::node_ip_address: 192.168.24.1 rabbitmq::management_ip_address: 192.168.24.1 rabbitmq::package_source: undef rabbitmq::port: 5672 rabbitmq::repos_ensure: false rabbitmq::wipe_db_on_cookie_change: true rabbitmq::default_user: ad577cadead550db9557fadba0dde091b2451582 rabbitmq::default_pass: 6b2e65306a27cb0f3127aa3f1ca874bfe3714446 # Horizon horizon::django_debug: "%{hiera('debug')}" horizon_secret_key: 6c1a7773fda549d35692cf9c57e2cc9ef6cb2d24 horizon::allowed_hosts: - "%{::fqdn}" - "192.168.24.1" horizon::wsgi::apache::priority: 10 horizon::openstack_endpoint_type: internalURL # Mistral mistral::debug: "%{hiera('debug')}" mistral::api::bind_host: 192.168.24.1 mistral::api::api_workers: "%{::os_workers}" mistral::rabbit_userid: ad577cadead550db9557fadba0dde091b2451582 mistral::rabbit_password: 6b2e65306a27cb0f3127aa3f1ca874bfe3714446 mistral::rabbit_host: "192.168.24.1" mistral::database_connection: mysql+pymysql://mistral:96bbd10902323c6699457744fd34bd2ec40c3848@192.168.24.1/mistral mistral::rpc_backend: rabbit mistral::rpc_response_timeout: 120 mistral::cron_trigger::execution_interval: 600 mistral::keystone::authtoken::password: 96bbd10902323c6699457744fd34bd2ec40c3848 mistral::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" mistral::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" mistral::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" mistral::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" mistral::keystone::auth::public_url: http://192.168.24.1:8989/v2 mistral::keystone::auth::internal_url: http://192.168.24.1:8989/v2 mistral::keystone::auth::admin_url: http://192.168.24.1:8989/v2 mistral::keystone::auth::region: "%{hiera('keystone_region')}" mistral::keystone::auth::password: 96bbd10902323c6699457744fd34bd2ec40c3848 mistral::keystone::auth::tenant: 'service' mistral::engine::older_than: 2880 mistral::engine::evaluation_interval: 120 mistral::engine::execution_field_size_limit_kb: 16384 # Zaqar zaqar::keystone::authtoken::project_name: 'service' zaqar::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" zaqar::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" zaqar::keystone::authtoken::password: 4ab0412c0fe184ce2960698cf7b817a0c2a83401 zaqar::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" zaqar::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" zaqar::keystone::auth::tenant: 'service' zaqar::keystone::auth::public_url: http://192.168.24.1:8888 zaqar::keystone::auth::internal_url: http://192.168.24.1:8888 zaqar::keystone::auth::admin_url: http://192.168.24.1:8888 zaqar::keystone::auth::region: "%{hiera('keystone_region')}" zaqar::keystone::auth::password: 4ab0412c0fe184ce2960698cf7b817a0c2a83401 zaqar::keystone::auth::roles: - admin - ResellerAdmin zaqar::keystone::auth_websocket::tenant: 'service' zaqar::keystone::auth_websocket::public_url: ws://192.168.24.1:9000 zaqar::keystone::auth_websocket::internal_url: ws://192.168.24.1:9000 zaqar::keystone::auth_websocket::admin_url: ws://192.168.24.1:9000 zaqar::keystone::auth_websocket::region: "%{hiera('keystone_region')}" zaqar::keystone::auth_websocket::password: 4ab0412c0fe184ce2960698cf7b817a0c2a83401 zaqar::server::service_name: 'httpd' zaqar::unreliable: true zaqar::transport::websocket::bind: 192.168.24.1 zaqar::transport::websocket::notification_bind: 192.168.24.1 zaqar::wsgi::apache::bind_host: 192.168.24.1 zaqar::wsgi::apache::ssl: false zaqar::message_store: swift zaqar::management_store: sqlalchemy zaqar::management::sqlalchemy::uri: mysql+pymysql://zaqar:4ab0412c0fe184ce2960698cf7b817a0c2a83401@192.168.24.1/zaqar zaqar::messaging::swift::uri: swift://zaqar:4ab0412c0fe184ce2960698cf7b817a0c2a83401@/service zaqar::messaging::swift::auth_url: "%{hiera('keystone_auth_uri')}" zaqar::message_pipeline: 'zaqar.notification.notifier' zaqar::max_messages_post_size: 1048576 # Cinder cinder::debug: "%{hiera('debug')}" cinder_backend_name: 'undercloud_iscsi' cinder_enable_test_volume: false cinder_iscsi_address: 192.168.24.1 cinder::api::enable_proxy_headers_parsing: true cinder::api::service_name: 'httpd' cinder::api::nova_catalog_info: 'compute:Compute Service:internalURL' cinder::backends::enabled_backends: ["%{hiera('cinder_backend_name')}"] cinder::cron::db_purge::destination: "/dev/null" cinder::database_connection: mysql+pymysql://cinder:05a4fcda809733bec131f2d91e4d12565d5260d9@192.168.24.1/cinder cinder::db::database_db_max_retries: -1 cinder::db::database_max_retries: -1 cinder::debug: "%{hiera('debug')}" cinder::glance::glance_api_servers: http://192.168.24.1:9292 cinder::keystone::auth::tenant: 'service' cinder::keystone::auth::public_url: http://192.168.24.1:8776/v1/%(tenant_id)s cinder::keystone::auth::internal_url: http://192.168.24.1:8776/v1/%(tenant_id)s cinder::keystone::auth::admin_url: http://192.168.24.1:8776/v1/%(tenant_id)s cinder::keystone::auth::public_url_v2: http://192.168.24.1:8776/v2/%(tenant_id)s cinder::keystone::auth::internal_url_v2: http://192.168.24.1:8776/v2/%(tenant_id)s cinder::keystone::auth::admin_url_v2: http://192.168.24.1:8776/v2/%(tenant_id)s cinder::keystone::auth::public_url_v3: http://192.168.24.1:8776/v3/%(tenant_id)s cinder::keystone::auth::internal_url_v3: http://192.168.24.1:8776/v3/%(tenant_id)s cinder::keystone::auth::admin_url_v3: http://192.168.24.1:8776/v3/%(tenant_id)s cinder::keystone::auth::region: "%{hiera('keystone_region')}" cinder::keystone::auth::password: 05a4fcda809733bec131f2d91e4d12565d5260d9 cinder::keystone::authtoken::project_name: 'service' cinder::keystone::authtoken::auth_uri: "%{hiera('keystone_auth_uri')}" cinder::keystone::authtoken::auth_url: "%{hiera('keystone_identity_uri')}" cinder::keystone::authtoken::password: 05a4fcda809733bec131f2d91e4d12565d5260d9 cinder::keystone::authtoken::user_domain_name: "%{hiera('keystone_default_domain')}" cinder::keystone::authtoken::project_domain_name: "%{hiera('keystone_default_domain')}" cinder::rabbit_userid: ad577cadead550db9557fadba0dde091b2451582 cinder::rabbit_password: 6b2e65306a27cb0f3127aa3f1ca874bfe3714446 cinder::rabbit_host: "192.168.24.1" cinder::scheduler::scheduler_driver: cinder.scheduler.filter_scheduler.FilterScheduler cinder::setup_test_volume::size: '10280M' cinder::wsgi::apache::bind_host: 192.168.24.1 cinder::wsgi::apache::ssl: false cinder::wsgi::apache::workers: "%{::os_workers}" # HAproxy tripleo::profile::base::haproxy::step: 1 tripleo::haproxy::haproxy_stats_password: 8c59050b4bf17dbbc3814858d19df86ed34b9fa2 tripleo::haproxy::controller_virtual_ip: "%{hiera('controller_admin_host')}" tripleo::haproxy::controller_hosts: "%{hiera('controller_host')}" tripleo::haproxy::public_virtual_ip: "%{hiera('controller_public_host')}" tripleo::haproxy::public_virtual_interface: 'br-ctlplane' tripleo::haproxy::keystone_admin: true tripleo::haproxy::keystone_public: true tripleo::haproxy::neutron: true tripleo::haproxy::glance_api: true tripleo::haproxy::glance_registry: true tripleo::haproxy::nova_osapi: true tripleo::haproxy::nova_placement: true tripleo::haproxy::nova_metadata: true tripleo::haproxy::swift_proxy_server: true tripleo::haproxy::heat_api: true tripleo::haproxy::ceilometer: "%{hiera('enable_telemetry')}" tripleo::haproxy::aodh: "%{hiera('enable_telemetry')}" tripleo::haproxy::gnocchi: "%{hiera('enable_telemetry')}" tripleo::haproxy::panko: "%{hiera('enable_telemetry')}" tripleo::haproxy::ironic: true tripleo::haproxy::ironic_inspector: true tripleo::haproxy::rabbitmq: true tripleo::haproxy::mistral: true tripleo::haproxy::zaqar_api: true tripleo::haproxy::zaqar_ws: true tripleo::haproxy::docker_registry: true # Docker tripleo::profile::base::docker::step: 1 # Undercloud should not have --iptables=false by default hence this override (LP#1709325) tripleo::profile::base::docker::docker_options: '--log-driver=journald --signature-verification=false' tripleo::profile::base::docker::debug: "%{hiera('debug')}" tripleo::profile::base::docker::insecure_registries: ['192.168.24.1:8787','192.168.24.3:8787'] # Keepalived tripleo::keepalived::controller_virtual_ip: "%{hiera('controller_admin_host')}" tripleo::keepalived::control_virtual_interface: 'br-ctlplane' tripleo::keepalived::public_virtual_ip: "%{hiera('controller_public_host')}" tripleo::keepalived::public_virtual_interface: 'br-ctlplane' tripleo::keepalived::virtual_router_id_base: 40 # UI keystone::cors::allowed_origin: '*' nova::cors::allowed_origin: '*' nova::cors::max_age: 3600 nova::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH' nova::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' nova::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' ironic::cors::allowed_origin: '*' ironic::cors::max_age: 3600 ironic::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH' ironic::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' ironic::inspector::cors::allowed_origin: '*' ironic::inspector::cors::max_age: 3600 ironic::inspector::cors::allow_methods: 'GET,POST,PUT,DELETE,OPTIONS,PATCH' ironic::inspector::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' ironic::inspector::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' heat::cors::allowed_origin: '*' heat::cors::max_age: 3600 heat::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' heat::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' mistral::cors::allowed_origin: '*' mistral::cors::allow_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma,X-Auth-Token' mistral::cors::expose_headers: 'Content-Type,Cache-Control,Content-Language,Expires,Last-Modified,Pragma' swift::proxy::cors_allow_origin: '*' tripleo::ui::endpoint_proxy_zaqar: ws://192.168.24.1:9000 tripleo::ui::endpoint_proxy_keystone: http://192.168.24.1:5000 tripleo::ui::endpoint_proxy_heat: http://192.168.24.1:8004 tripleo::ui::endpoint_proxy_ironic: http://192.168.24.1:6385 tripleo::ui::endpoint_proxy_ironic_inspector: http://192.168.24.1:5050 tripleo::ui::endpoint_proxy_mistral: http://192.168.24.1:8989 tripleo::ui::endpoint_proxy_nova: http://192.168.24.1:8774 tripleo::ui::endpoint_proxy_swift: http://192.168.24.1:8080 tripleo::ui::endpoint_config_zaqar: ws://192.168.24.1:3000/zaqar tripleo::ui::endpoint_config_keystone: http://192.168.24.1:3000/keystone/v3 tripleo::ui::endpoint_config_heat: http://192.168.24.1:3000/heat/v1/%(project_id)s tripleo::ui::endpoint_config_ironic: http://192.168.24.1:3000/ironic tripleo::ui::endpoint_config_ironic_inspector: http://192.168.24.1:3000/ironic-inspector tripleo::ui::endpoint_config_mistral: http://192.168.24.1:3000/mistral/v2 tripleo::ui::endpoint_config_nova: http://192.168.24.1:3000/nova/v2.1 tripleo::ui::endpoint_config_swift: http://192.168.24.1:3000/swift/v1/AUTH_%(project_id)s # service tenant ceilometer::keystone::authtoken::project_name: 'service' aodh::keystone::authtoken::project_name: 'service' gnocchi::keystone::authtoken::project_name: 'service' cinder::keystone::authtoken::project_name: 'service' heat::keystone::authtoken::project_name: 'service' glance::api::authtoken::project_name: 'service' glance::registry::authtoken::project_name: 'service' ironic::api::authtoken::project_name: 'service' ironic::drivers::inspector::project_name: 'service' ironic::glance::project_name: 'service' ironic::neutron::project_name: 'service' ironic::service_catalog::project_name: 'service' ironic::swift::project_name: 'service' nova::keystone::authtoken::project_name: 'service' swift::proxy::authtoken::project_name: 'service' mistral::keystone::authtoken::project_name: 'service' swift::proxy::workers: "%{::os_workers}" # Options enable_tempest: True enable_validations: True enable_telemetry: False enable_ui: True enable_cinder: False enable_container_images_build: False # Path to install configuration files tripleo_install_user: stack tripleo_undercloud_conf_file: /home/stack/undercloud.conf tripleo_undercloud_password_file: /home/stack/undercloud-passwords.conf # Novajoin # Firewall tripleo::firewall::manage_firewall: true tripleo::firewall::firewall_rules: '105 ntp': dport: 123 proto: udp '106 vrrp': proto: vrrp '107 haproxy stats': dport: 1993 '108 redis': dport: - 6379 - 26379 '110 ceph': dport: - 6789 - '6800-6810' '111 keystone': dport: - 5000 - 13000 - 35357 - 13357 '112 glance': dport: - 9292 - 9191 - 13292 '113 nova': dport: - 6080 - 13080 - 8773 - 13773 - 8774 - 13774 - 8778 - 13778 - 8775 - 13775 '114 neutron server': dport: - 9696 - 13696 '115 neutron dhcp input': proto: 'udp' dport: 67 '116 neutron dhcp output': proto: 'udp' chain: 'OUTPUT' dport: 68 '118 neutron vxlan networks': proto: 'udp' dport: 4789 '119 cinder': dport: - 8776 - 13776 '120 iscsi initiator': dport: 3260 '121 memcached': dport: 11211 proto: tcp source: '127.0.0.1' '122 swift proxy': dport: - 8080 - 13808 '123 swift storage': dport: - 873 - 6000 - 6001 - 6002 '125 heat': dport: - 8000 - 13800 - 8003 - 13003 - 8004 - 13004 '126 horizon': dport: - 80 - 443 '127 snmp': dport: 161 proto: 'udp' '128 aodh': dport: - 8042 - 13042 '129 gnocchi-api': dport: - 8041 - 13041 '130 tftp': dport: 69 proto: udp '131 novnc': dport: 5900-5999 proto: tcp '132 mistral': dport: - 8989 - 13989 '133 zaqar': dport: - 8888 - 13888 '134 zaqar websockets': dport: 9000 '135 ironic': dport: - 6385 - 13385 '136 trove': dport: - 8779 - 13779 '137 ironic-inspector': dport: 5050 '138 docker registry': dport: - 8787 - 13787 '139 apache vhost': dport: "%{hiera('ironic_ipxe_port')}" # 140 network cidr nat rules "140 destination ctlplane-subnet cidr nat": {"chain": "FORWARD", "destination": "192.168.24.0/24", "proto": "all", "action": "accept"} "140 source ctlplane-subnet cidr nat": {"chain": "FORWARD", "source": "192.168.24.0/24", "proto": "all", "action": "accept"} '142 tripleo-ui': dport: - 3000 - 443 '143 panko-api': dport: - 8977 - 13977